5ab9d810a19d6970e8a8ca61aac4c0b6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5ab9d810a19d6970e8a8ca61aac4c0b6_JaffaCakes118
Size

84KB
MD5

5ab9d810a19d6970e8a8ca61aac4c0b6
SHA1

1846bd5686bbde2512f1b03657a4e3f61b84b347
SHA256

14bde713fdfdf18e9ebaeca5d3fcd1d8719f33f70b5861f839fe78c573010d55
SHA512

91e927414a62c2042065e5d35648d2ed23dadca22bb03929a7499e4864b4665e79f18150ef53b9e5512d545bcc06acdbb040a572c85bdbf5e14bac6895cb2f41
SSDEEP

1536:mrlVBlSmPd7pSrXF7FlBqj251beKjtW/QXAfVfBfZ2ooeIcO0SVajD:OfnSmPd907Floj251besjQBYooFcXSOD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ab9d810a19d6970e8a8ca61aac4c0b6_JaffaCakes118

Files

5ab9d810a19d6970e8a8ca61aac4c0b6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3f79b8ff3bd023812ec840210cc4f2da

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupCloseInfFile

user32

MessageBoxA

ntdll

RtlUnwind

kernel32

WideCharToMultiByte
VirtualAlloc
WaitForMultipleObjects
GetCommandLineA
GetCurrentDirectoryW
GetSystemInfo
IsDBCSLeadByte
LoadLibraryW
GetLastError
UnmapViewOfFile
VirtualQuery
TlsGetValue
GetStringTypeW
GetLocaleInfoA
GetOEMCP
lstrlenA
SetEvent
HeapCreate
MultiByteToWideChar
LCMapStringW
VirtualProtect
GetLocaleInfoW
GetUserDefaultLCID
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA
HeapDestroy
GetCurrentThreadId
DeleteFileA
FlushFileBuffers
WaitForSingleObject
GetFileType
WriteFile
LCMapStringA
OutputDebugStringA
HeapFree
GetSystemTimeAsFileTime
InterlockedIncrement
SetHandleCount
GetEnvironmentStrings
InterlockedExchange
GetTickCount
QueryPerformanceCounter
UnhandledExceptionFilter
TlsAlloc
GetModuleHandleA
SetUnhandledExceptionFilter
SetFilePointer
GetACP
SetThreadLocale
FormatMessageA
MapViewOfFile
CreateFileA
ExitProcess
TerminateProcess
GetCurrentProcess
TlsFree
RaiseException
GetCurrentProcessId
GetStringTypeA
GetProcAddress
TlsSetValue
GetProcessHeap
CloseHandle
GetEnvironmentStringsW
GetThreadLocale
SetStdHandle
FreeEnvironmentStringsA
GetWindowsDirectoryA
VirtualFree
GetVersionExA
LeaveCriticalSection
CreateEventA
SetCurrentDirectoryW
SetFileAttributesA
lstrcpynA
LocalAlloc
GetStartupInfoA
ReleaseMutex
EnumSystemLocalesA
HeapReAlloc
GetCPInfo
lstrcpyA
LocalFree
FreeLibrary
Sleep
EnterCriticalSection
GetStdHandle
FreeEnvironmentStringsW
HeapAlloc
CreateMutexA
IsValidLocale
IsValidCodePage
LoadLibraryA
SetLastError

avifil32

AVIFileOpenW

Sections

.textbss
Size: - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f79b8ff3bd023812ec840210cc4f2da

Headers

File Characteristics

Imports

setupapi

user32

ntdll

kernel32

avifil32

Sections

.textbss Size: - Virtual size: 448KB

.rdata Size: 79KB - Virtual size: 78KB

.text Size: 512B - Virtual size: 412B

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 32B

.textbss
Size: - Virtual size: 448KB

.rdata
Size: 79KB - Virtual size: 78KB

.text
Size: 512B - Virtual size: 412B

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 32B